Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2007-5006
Last Modified 05 Sep 2008 05:29:38
Published 01 Oct 2007 04:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5006

Summary

Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.

Vulnerable Systems

Application

  • Ca Brightstor Arcserve Backup Laptops Desktops 11.0

  • Ca Brightstor Arcserve Backup Laptops Desktops 11.1

  • Ca Brightstor Arcserve Backup Laptops Desktops 11.5

  • Ca Brightstor Arcserve Backup Laptops Desktops 4.0

  • Ca Desktop Management Suite 11.0

  • Ca Desktop Management Suite 11.1

  • Ca Desktop Management Suite 11.2

  • Ca Protection Suites R2


References

CONFIRM - http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35677

CONFIRM - http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

CONFIRM - http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

SECTRACK - 1018728

BID - 24348

SECUNIA - 25606

IDEFENSE - 20070920 CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability

BUGTRAQ - 20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities


Last Updated: 27 May 2016 10:46:02